SLSA provenance

• CURIE: gmeow:attestationTypeSLSAProvenance
• IRI: https://blackcatinformatics.ca/gmeow/attestationTypeSLSAProvenance
• Category: individual
• Defined by: gmeow:slices/attestation
• Box roles: ABox role, CBox role (What is this?)

SLSA provenance attestation describing how a software artifact was produced, per the Supply-chain Levels for Software Artifacts framework.

Structure

Types: gmeow:AttestationType

Practical Pattern

Use gmeow:attestationTypeSLSAProvenance as a controlled value typed as gmeow:AttestationType.

Example Snippets

These snippets are generated from canonical slice examples and trimmed to the Turtle blocks where this term appears.

Software Release

• Source: slices/core/attestation/examples/software-release.ttl
• Examples catalog: open in catalog#example-slices-core-attestation-examples-software-release

# --- The attestation: the CI system vouches for the release as SLSA provenance.
ex:slsaAttestation a gmeow:Attestation ;
    gmeow:attester           ex:ciSystem ;
    gmeow:attestedSubject    ex:release ;
    gmeow:attestationType    gmeow:attestationTypeSLSAProvenance ;
    gmeow:issuedAt           "2026-06-14T12:00:00Z"^^xsd:dateTime ;
    gmeow:attestationArtifact ex:artifact ;
    gmeow:hasSignature       ex:sig ;
    gmeow:verificationResult ex:verifyResult .

Common Companion Terms

gmeow:AttestationType